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REMARKS 



Amendments to the specification have been made and are submitted herewith in the attached 
Substitute Specification. A clean copy of the specification and a marked-up version showing the 
changes made are attached herewith. The claims and abstract have been amended in the attached 
Preliminary Amendment. All amendments have been made to place the application in proper U.S. 
format and to conform with proper grammatical and idiomatic English. None of the amendments 
herein are made for reasons related to patentability. No new matter has been added . 

In the unlikely event that the transmittal letter is separated from this document and the Patent 
Office determines that an extension and/or other relief is required, applicant petitions for any 
required relief including extensions of time and authorizes the Commissioner to charge the cost of 
such petitions and/or other fees due in connection with the filing of this document to Deposit 
Account No, 03-1952 referencing docket no. 449122078200 . However, the Commissioner is not 
authorized to charge the cost of the issue fee to the Deposit Account. 
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Dcocription 

METHOD AND DEVICE FOR AUTHENTICATING A SUBSCRIBER FOR 
UTILIZING SERVICES IN A WIRELESS LAN (WLAN) W HILE USING 
5 AN IP MULTIMEDIA SUBSYSTEM (IMS) O F A MOBILE RADIO 

NETWORK^ 



CLAIM FOR PRIORITY 
This application is a national stage of PCT/EP02/06269, 
10 published in the German language on December 18^ 2003, 
which was filed on June 1, 2002. 

TECHNICAL FIELD OF THE INVENTION 
The invention relates to a method and device for 
15 authenticating a subscriber for utilizing services in a 
wireless LAN (WLAN) — while using an IP multimedia 
subsystem (IMS) — of a mobile radio network. 



BACKGROUND OF THE INVENTION 
20 A method for authenticating WLAN subscribers in a mobile 
radio network is known f ro m described in the journal 
''Funkschau", issued 09/2002, pages 14-15, namely 
authentication via a NAI (Network Access Identifier) and 
optionally via a SIM card, and authentication using the 
25 IPv6 (Internet Protocol Version 6) and a so-called SIM-6 
mechanism. In general, authentication of a wireless LAN 
subscriber is effected via an HTTP protocol. 
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WO 00/7 6249 Al describes a method of authorizing an 
Internet protocol-enabled mobile device to access the 
Internet via a wireless LAN (WLAN), GSM or UMTS network. 
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whereby the transmission of an IP access request is 
initiated from the mobile device to an IP router via the 
access network. In response to receipt of said the access 
request at the IP router^ an IP address routing prefix is 
5 sent from the IP router to the mobile device. The IP 

router then only forwards IP packets to the mobile device 
if it has first received an authorization message from a 
control point . The control point monitors the payment 
(electronic cash) from the mobile device for use of the 
10 Internet. 

US 2002/0062379 Al describes the setting up of a 
multimedia session involving a mobile device with a 
session packet access bearer, which is established 

15 between the mobile device and an access point to a packet 
data network via a radio access network. The access point 
is connected to a multimedia system that supports 
multimedia session services. Using the session packet 
access bearer, a multimedia session that includes a 

20 plurality of media data streams is initiated in a mobile 
device. Media packet access bearers are established 
between the mobile device and the access point. 

SUMMARY OF THE INVENTION 
25 The object of this invention is to efficiently 

authenticates a subscriber of a wireless LAN who is also 
a mobile radio network subscriber, while utilizing 
services in a mobile radio network. 

30 The object io Qchiovcd according to the invention by the 
objccto of the independent claimo vjith refcrcnGO to the 
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method and device . — Dcvclopmento of the invention are 
opecified in the oubclaiitiG. A uthentication^ while using 
an IP multimedia subsystem, according to one embodiment 
of the invention, has the advantage that a subscriber is 
5 authenticated for any services that can be reached via 
the wireless LAN, without the installation of a separate 
server for authentication in the wireless LAN and without 
separate connection to a corresponding entity in the 
mobile radio network (e.g. HLR/HSS) , which must be 
10 contacted by means of a connection (interface) especially 
provided for that purpose. 



BRIEF DESCRIPTION OF THE INVENTION 
The invention is explained in greater detail with the 
15 help of an reference to exemplary embodiments^ illustrated 
in the diagrams . — In particular, Figures, in which: 
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Figure 1 shows the architecture with the interfaces 
between a wireless LAN and an IP multimedia 
subsystem — ( IMS ) ^ 
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Figure 2 shows how the WAGW obtains the authentication 
result using a separate P-CSCF/policy control 
function at the location having WLAN coverage_. 

Figure 3 shows how the WAGW obtains the authentication 

result through the P-CSCF/policy control 
function of the IP multimedia subsystem — (IMS) . 



30 Figure 4 shows how the WAGW learns the authentication 
result by expanded f unctionalities_^ 
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DETAILED DESCRIPTION OF THE INVENTION 
Figure 1 shows how the wireless LAN is connected to an IP 
multimedia subsystem (IMS) (3) . A subscriber MT (6) of a 
5 wireless LAN (10) is connected via a radio interface (11) 
to the wireless LAN at a location having wireless LAN 
coverage (hotspot) . For the authentication, the 
subscriber MT (6) receives an IP address (e.g. through 
DHCP) from the proxy call state control function node (P- 

10 CSCF) (1) . The subscriber MT (6) can thus authenticate 
himself, by means of SIP registration, in the IMS (3) 
without any prior bearer level authentication (e.g. H/2, 
authentication via the radio interface is optional) . In 
the IMS (3), the authentication takes place on the 

15 application side in the call state control function node 
(CSCF) (4) via an SIP registration message. This 
authentication guarantees the MT (6) access to specific 
profiles (e.g. WLAN profiles) . The CSCF (4) uses an 
authentication that is known per se for the IMS (3), but 

20 not for a WLAN (10), by means of the home subscriber 

system (HSS) (5) via the Cx interface. The P-CSCF (1) of 
the WLAN (10) receives the result of the authentication 
via an SIP registration request (e.g. 200 OK) . This 
result is transferred to the WLAN access gateway (WAGW) 

25 (2) . The WAGW (2) controls the access to services and 
monitors the successful authentication in the IMS (3) . 
The wireless LAN (10) is connected to the Gi interface or 
Mm interface with the IMS (3) . The Gi interface is an 
interface within the IP network (7) and is thus subject 

30 to special security precautions. The geographical 

distance between the IMS (3) and the location having WLAN 
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coverage is also taken into account. At the Mm interface, 
the connection between the IMS (3) and the location 
having WLAN coverage (hotspot) is effected via an IP 
multimedia network (Internet) (8) . 

5 

The authentication of an MT (6) in the IMS (3) is carried 
out using the SIP protocol. The result of the 
authentication in the IMS (3) is fed to the WAGW (2) . 
There are three options for this, which are described 
10 under Figure 2, Figure 3 and Figure 4. 

Figure 2 shows how the WAGW (2) receives the 

authentication result through a separate P-CSCF 

(1) /policy control function at the location having WLAN 

15 coverage (hotspot) . In this case the WLAN (10) is 

equipped with its own P-CSCF (1), which is used for 
forwarding SIP messages to the corresponding entity in 
the IMS (3) (SIP registration request) and controlling 
the WAGW (2) according to the authentication result of 

20 the IP multimedia subsystem (IMS) (SIP response) - The P- 
CSCF (1) communicates with the CSCF (4) in the IP 
multimedia subsystem via a Gi interface or Mm interface 
(via Internet (8)). The P-CSCF (1) provides the WAGW (2), 
on the basis of the result of the authentication (SIP 

25 registration) in the IMS (3) , with instructions on how 
the data traffic of an MT (6) is to be handled by the 
WAGW (2). This enables the WAGW (2) to block the data 
flow, for example. By means of the policy control 
function, the P-CSCF(l) controls the data traffic through 

30 the WAGW (2), and is able to grant, restrict, increase or 
decline the quantity and quality of the data flow of an 



20Q2rQ8525WQUS 



6 



PCT/EDQ2/Q62GQ 



MT (6) through the WAGW (2) . This mechanism is similar to 
the Go interface which is installed between the P-CSCF of 
the IMS (3) and the gateway GPRS support node (GGSN) (9) . 
This policy control function may be part of the P-CSCF (1) 
5 or may even be a separate unit, which may optionally be 
used in addition for the IP multimedia subsystem and the 
PS domains. 

One possible policy protocol is COPS (RFC 2748, used for 
10 the Go interface) . The Go interface uses an IP transport, 

and therefore a protected transfer of COPS messages 
within the wireless LAN, or a separate connection (i.e. 
separated from data traffic of subscribers within the 
wireless LAN) between P-CSCF(l) and WAGW (2,) is 
15 installed during implementation. 

Figure 3 shows how the WAGW (2) is notified of the result 
of the IMS authentication by the CSCF (4) of the IMS (3) . 
The CSCF (4) of the IMS (3) controls the WAGW (2) with 
20 the effect that it exercises policy functionality. Here, 
however, it is the P-CSCF of the IMS (3) that exercises 
control of the WAGW (2), instead of a separate P-CSCF in 
the wireless LAN. 

25 By means of the policy functionality, the P-CSCF of the 
IMS (3) controls the data traffic through the WAGW (2) 
and is able to grant, restrict, increase or decline the 
quantity and quality of the data flow of the MT (6) 
through the WAGW (2) . This mechanism is similar to the 

30 one in the Go interface which is installed between the P- 
CSCF of the IMS (3) and the GGSN of the PS domains. A Go 
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interface is installed between the CSCF (4) of the IMS 
(3) and the WAGW (2) of the wireless LANs (10) to ensure 
that data transfer is protected. The WAGW (2) can 
transmit the SIP messages containing the authentication 
5 result via the Gi interface or via the Mm interface to 
the CSCF (4) in the IMS (3). 

Figure 4 shows how the WAGW (2) itself evaluates the 
authentication result. The WAGW (2) receives the result* 

10 which indicates whether an authentication of the MT (6) 
has taken place in the IMS (3), and the result of this 
authenticati on. The WAGW (2) then converts the result by 
allowing subscriber data to pass through completely or 
with restrictions. If the WAGW (2) is equipped with a Gi 

15 interface, it can transmit authentication messages (SIP 
registration) via this interface to the CSCF (4) in the 
IMS (3). Otherwise • the Mm interface is used for this 
purpose. To enable the WAGW (2) to evaluate the result of 
the authentication (SIP messages) , it is implemented in 

20 the form of an "application layer gateway". In this way 
it can convert the result of an SIP authentication 
accordingly without the assistance of a CSCF (4) . The 
WAGW (2) does this by searching the data packets for SIP 
messages (registration requests and responses) and 

25 interpreting the SIP registration responses accordingly 
for the filtering of subscriber data. So that the WAGW 
(2) does not have to open every data packet, a process of 
elimination is carried out on OSI Layer 3 (IP address) or 
OSI Layer 4 (port number) . Thus an IP address, a port 

30 number or other eliminating factor is used to determine 
whether a data packet or datagram is forwarded to the 
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next higher OSI layer, or whether it may pass through the 
WAGW (2) . 
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Claimo What is claimed is: 



